Cyberstalkers Using New Windows Feature to Spy on iPhones

Simon Lewis

By Simon Lewis

Updated:

With their closed operating system and regular updates, iPhones are renowned for their excellent security.

However, a newly-released feature in Windows 11 may have created a backdoor for cyberstalkers to target their victim’s iPhone.

The root of this concern is a Windows app called Phone Link. Phone Link has been around for many years and it’s designed to enable users to connect their Android phone to their PC via a Wi-Fi connection.

It’s a useful and legitimate app that allows users to send/receive texts and make/receive calls right from their PC.

In April 2023, Microsoft announced that the Phone Link app was being expanded to allow iOS users to connect their iPhones to their PC in the same way.

Mac users have had this ability for many years now, but this is the first time that Windows users have been able to link with their iPhones in this way.

The new capability is a welcome piece of cross-platform integration that will be convenient for the millions of people that use Windows on their laptops but have Apple cell phones.

Unfortunately, as with many such tools designed to make our lives easier and more productive, abusers and cyberstalkers often find ways to exploit them and Phone Link is no exception.

How Is Phone Link Abused?

At Certo, we’re constantly on the lookout for new cyberthreats so we can help cell phone users keep on top of their mobile security. In the last few weeks several of our users have reported that cyberstalkers have been using Phone Link to spy on their iPhones.

We investigated and discovered that it is easy for potential cyberstalkers to set up this app on someone else’s iPhone and there are no obvious signs that the iPhone user’s data is being shared.

Cyberstalkers with physical access to their victim’s iPhone can set up Phone Link with their own Windows PC and then use it to spy on iMessages and phone call history—all without the victim’s knowledge.

iPhones are renowned for their robust security, thus making them the most challenging devices to infiltrate via spying. This recent revelation is especially significant because, unlike Android phones, deploying spyware on iPhones is notably more difficult.

Many people who prioritize their security opt for iPhones for this reason, and the fact that cyberstalkers seem to be rapidly exploiting this new feature is concerning. As a result, the iPhone’s reputation as a “secure” choice could be at risk.

How Does It Work?

Phone Link is designed for easy setup. We won’t explain the exact steps for obvious reasons, but essentially all the stalker needs to do is scan a QR code on their PC screen with the victim’s iPhone to establish a Bluetooth connection. Then they just need to enable a few options on the phone to start sharing information to their PC.

Fig 1. It’s quick and easy to use Phone Link to pair an iPhone with a Windows PC

Once setup, the Phone Link app on the PC can:

  • View sent and received iMessages
  • Send iMessages to contacts
  • View call history
  • Make calls
  • View the contents of all notifications

Fig 2. Phone Link allows users to send and receive messages from linked devices

Fig 3. Phone Link allows users to make calls and see the call history of connected devices

It’s worth noting that cyber stalkers can only view iMessage history after setting up Phone Link. They cannot see messages sent or received before they set it up.

The core functionality of Phone Link is limited to syncing iMessages and phone calls. However, you can also see all the iPhone notifications including, crucially, the contents of those notifications.

This means that even if your iPhone is set to not show the contents of notifications until unlocked, Phone Link will still show the contents of these notifications regardless. This can be a way to spy on other private information, such as WhatsApp messages or notifications from banking apps.

Fig 4. Phone Link will show the contents of iPhone notifications

Most worryingly, there are no obvious signs to the iPhone user that their iMessages and notifications from other apps are being shared with a computer. The only way to check is to see what Bluetooth devices you are connected to and review what information you are sharing with them.

How to Stop Cyberstalkers Spying on You with Phone Link

  1. Go to your Bluetooth settings (Settings > Bluetooth > My Devices).
  2. Check for any devices you do not recognize. Specifically, look for any device that has the options Show Notifications or Share System Notifications enabled.
  3. Tap Forget This Device to unpair it from your iPhone.

Fig 5. It’s easy to find and unpair devices that may be using Phone Link to spy on you

Alternatively, if you do not use Bluetooth, turn it off. That will stop this attack immediately.

You should also set a secure unlock passcode for your device that only you know. This will stop someone from accessing your device in order to set up Phone Link in the future.

It’s also worth checking if there are any other Face IDs or Touch IDs set up on your iPhone, as this is another way someone could access your device and set up Phone Link.

What Should Apple/Microsoft Be Doing?

Since iOS 14, your iPhone will alert you when your microphone or camera is in use, via a green or orange dot at the top of your screen. This was a great step forward in privacy, giving iPhone users a clear indication of when certain device features are being accessed.

Apple should implement a similar visual indication when notifications/messages are being shared to a Bluetooth device.

Microsoft could also add a warning to the Phone Link app advising that it should only be used with your devices and not other people’s.

Wrapping Up

As with previous loopholes in iPhone security, it may not be long before spyware makers start creating tools that make use of this method to extract even more information from victim’s iPhones.

This is exactly what happened with Apple’s iTunes WiFi Sync feature. Spyware tools were able to exploit this legitimate iOS feature to regularly extract private information from iPhones over WiFi, with no indication to the victim that their device was being spied on.

The Phone Link attack is similar because the stalker needs physical access to the iPhone to get things set up. The main difference is that it uses Bluetooth.

The need for physical access means it’s likely that someone in the same household will be the perpetrator. At Certo, we’re already seeing reports of Phone Link being misused to enable domestic tech abuse—for example, by controlling partners.

Our advice is that all iPhone users should be aware of this threat. If you think that you are being targeted, follow the instructions above to protect yourself immediately.